Monday, April 24, 2017

DOUBLEPULSAR (NSA malware) infects more than 3% of machines with SMB exposed to the Internet

After reading some early articles mentioning that DOUBLEPULSAR (reportedly NSA malware) infections were widespread on the Internet, my folks at Rendition Infosec thought the numbers might be inflated due to poorly implemented scans. After performing some of our own scans, we are confident that these numbers are not inflated and at least 3% of the machines with TCP port 445 exposed to the Internet are infected with DOUBLEPULSAR.